Inria Chile continues its development in South America. In recent years, with Claude Puech at the helm, she has strengthened her network of contacts and has set up partnerships with investment structures to accelerate the creation of strategies in Chile. Appointed on September 1st as Director, Nayat Sanchez Pi intends to pursue this strategy and implement an ambitious settlement project that includes opening to French partners, the revitalization of the transfer policy and the establishment of a sustainable economic model.

Thirty years ago, the Web was set up to meet an ever-growing need to organise and access information. As a founding member for Europe of the W3C, Inria take a look back at the birth of the Web as both a research subject and a tool, assessing the problems that continue to be raised.

Capitalizing on five years of research-collaboration success, Mitacs and Inria renewed their partnership originally signed in 2014. The memorandum of understanding (MOU) supports two-way international research opportunities for graduate researchers at Canadian universities and at eight Inria Research Centres in France.

The CNIL (French Data Protection Authority) and Inria have awarded the 2017 "privacy protection" Prize to a European research team. During the 11th international conference Computers Privacy and Data Protection
(CPDP) to Seda GÜRSES, Carmela TRONCOSO and Claudia DIAZ for their article « Engineering privacy by design reloaded
».

The CCSD (Centre for Direct Scientific Communication) and Software Heritage have announced their collaboration beginning early 2018: it will enable the data repository in HAL to be extended to software and, as a result, contribute to the recognition of the work of research software developers.

Facebook is investing an additional 10 million Euros and doubling the Facebook AI Research (FAIR) team in order to accelerate research on artificial intelligence in France. As a result, Facebook's European hub is strengthening its partnership with Inria.

Facebook is investing an additional 10 million Euros and doubling the Facebook AI Research (FAIR) team in order to accelerate research on artificial intelligence in France. As a result, Facebook's European hub is strengthening its partnership with Inria.

InriaSoft aims for the durable development of large-scale software programs by bringing together their user communities within consortia that will finance a team of engineers tasked with their maintenance and evolution. The InriaSoft headquarters are based in Rennes, as Claude Labit, director, and David Margery, technical director of this national action backed by the Fondation Inria, explain.

Logjam: a new security flaw in cryptographic algorithms

In March, the Internet was thrown into turmoil by the FREAK attack discovered by the PROSECCO team. Following the discovery of the Logjam vulnerability, Karthik Bhargavan, who heads this team (focusing on verifying the cryptographic mechanisms used to secure internet communication: cryptographic protocols, smart cards, secure flash drives, encrypted databases, etc.) and who is one of the researchers who worked on the discovery, told us about it in more detail.

Can you explain what LogJam is?

"Logjam is a new vulnerability in TLS, the cryptographic protocol used to protect all websites that begin with https:// "

Along with a team of researchers (from INRIA, LORIA, Microsoft Research, University of Michigan, University of Pennsylvania and Johns Hopkins University) we found that this vulnerability can be used by an attacker to break into connections that were previously considered strongly secure.

What are the risks entailed with this new vulnerability?

There are two sides to Logjam.

First, we find that about 8% of popular websites support weak cryptographic parameters that can be broken by anyone with a few weeks of computation on a modern desktop computer. This means that your connections to these websites can be broken into by anyone who sits in the same wi-fi café.

Second, we speculate that some commonly used cryptographic parameters on the Internet can be broken by state-level agencies with access to supercomputers. This would mean that many of your online connections (email, web, VPN) can be read by powerful agencies, even if you use secure communication protocols.

Is the LogJam attack similar to FREAK, another vulnerability discovered recently?

Both FREAK and Logjam are concerned with the continued use of obsolete export-grade cryptography from the 1990s. FREAK exploits an implementation bug and attacks connections based on the RSA algorithm. Logjam, on the other hand, uncovers a flaw in the TLS protocol itself and attacks connections based on the Diffie-Hellman algorithm.

It is worth noting that while the use of RSA in TLS has been subject to previous attacks, Diffie-Hellman was previously highly-recommended because of its strong "forward" secrecy guarantees. Logjam shows that this recommendation was flawed.